Hackers Undermine Piracy Evidence With Hadopi Router
Written by enigmax on July 09, 2009Yesterday we reported that a provision in the revamped French “3 strikes” bill will allow for the punishment of ISP account holders for the copyright infringing actions of others. Now a group of hackers has set out to compromise WiFi routers en masse, in order to create an environment of plausible deniability.
It seems that one way or another President Sarkozy is determined to bring a “3 strikes” regime to France. After underlining his determination during an historic speech to parliament in June, yesterday saw a revised bill accepted by the Senate.
Aside from punishing actual file-sharers, the bill allows the courts to take measures against people who have done no sharing, but are accused simply because they are the one paying the ISP bill. If the court decides that an account holder is guilty of “negligence” – by somehow allowing others to file-share on their connection – it is within a judge’s power to issue a fine up to 1,500 euros along with a 4 week disconnection.
Now, according to Le Monde, some French hackers have come together to throw confusion into the mix, so that punishing these individuals is not a straightforward or guaranteed accurate procedure.
A hacker known only as ‘N’ says he has developed some software known as ‘Hadopi Router’, a term first penned by bloggers who devised the concept. ‘N’, who is said to have previously worked manufacturing routers, says he and a few friends wrote ‘Hadopi Router’ in order to prove that the evidence gathered by the Hadopi agency is unreliable.
“It locates Wi-Fi networks in the neighborhood, then begins to crack all their passwords,” says ‘N’. “Once we have the keys, we can create a virtual access point,” which in basic terms means using the Internet connection without the account holder’s knowledge.
‘N’ says that if an ‘owned’ router has its password changed, the system automatically switches to another Wi-Fi signal in the neighborhood and starts to attack the new password.
Additionally, ‘N’ claims that with Hadopi Router it is possible to monitor activity on the cracked networks but one of his accomplices called ‘V’ says they have no bad intentions.
“We just want to release our software and allow everyone to understand that the technical data used by the Hadopi agency to accuse people will not be reliable. Because of us, the judges will not be able to say that they weren’t aware of that.”
‘N’ says he is already imagining a more ambitious strategy to distribute many dozens of modified routers to a community in order to create a “mini-network”, superimposed over existing ones.
Of course, many wireless routers already have either a complete lack of security or weak WEP encryption enabled, making them sitting ducks for drive-by infringements or less casual ones conducted by neighbors within range.
An IP address does not necessarily identify an individual, in fact one could argue that in many instances these days it doesn’t even identify a computer but merely a gateway to a sub network, behind which could be any number of individuals not linked in any way to a bill payer.
Time will tell how French judges will rule in these “negligence” cases, especially when they have just 5 minutes to do so.
Previously: Kazaa Uses RIAA Victim Jammie Thomas in PR-Campaign
Next: Mininova Denied Rectification From Dutch Government
55 Responses
From the site;
“As an effort to try and show how absurd this law is in today’s world I put up a fake page (in French) selling the “Hadopi router” that automatically cracks passwords of the nearby Wifi networks and connects to them to download torrents.
It’s a dumb joke, but I think it does point out a little bit of the absurdity of the law :-) Comments and suggestions welcome!”
Nice :)
I hope they will release this software.
Now this is what I’m talking about!
It’s a joke… and it’s old news…
If you want them to release this software and you’re not in france, then you probably want to steal your neighbor’s connection :(
No, I’m just afraid that downloading will become illegal in Holland.
Stupid Geert Wilders grr.
I was just talking about this in the last TF article!
WOOT!
Theres enough UNSECURED wireless to do the same amount of damage.. this just makes it even better..
Go FORTH my minions! We stand for freedom! We defend our free internet, no matter what the cost!
Trust in Chaos!
Yep, that was a joke, but it is feasible… Maybe someone has taken the task to make it a reality…
In Ireland, all you need are the lyrics to a Hendrix song to crack routers’ passwords in under a second.
http://www.bacik.ie/eircomwep/howto.html
Get the software to spoof the IP addresses as the French Justice Ministry, and then let them try and disconnect themselves…
backtrack linux
google it, download it, use it to crack WEP and WPA/WPA2
tho, you have to keep in mind, even if you are hacked, all ISPs state in the agreement you didn’t actually read or sign, that anything that happens on your connection is your liability
So having an unsecured router at home will help with plausible deniability, but you are technically still liable.
The best “free” method is to crack as many wifi networks as you can around you, and bridge the connections, most laptops only have 1 built in, or minipci, wifi card, BUT you can buy USB wifi cards and pc card wifi adapters.
For a standard laptop, this would allow for 5 different wifi connections at once.
In windows, it’s a simple matter of selecting the connections in network devices, and right clicking then selecting “bridge”
Anyways, is TF gonna keep posting fake news? Maybe at least READ what you are posting first? Then MAYBE put a disclaimer explaining it’s fake?
Seriously
@3 you fail.
this is an excellent idea =) i personally know quite a few people who actually do use another persons network for their downloading. in fact i even know 1 person who doesnt even subscribe to an internet plan he just steals it from his neighbours. (and all of them are password protected as well) it really does show how someones ip address really isnt solid evidance against the subscriber anymore
Mmmh… Would be nice to have… Then put it in the Ubuntu repostories and include it in the latest release. Would be really nice.
Obligatory xkcd: http://xkcd.com/416/
So every single TOR exit-node in France is “negligent” then?
I think it’s about time for a new revolution, vive la guillotine!
Some guy in Britain did a similar thing with car clamping. Its illegal to cut them off so he put up a website claiming to come round and cut people’s clamps off.
I dont think he did much but people could claim he cut it off and not them ;)
This sounds like an identical plan, nice effort
They need to find the homes of every member of parliament, senate, and the judges that will be hearing these cases.
When they find one that has a Wireless router, break the password and pirate as much as they can. Rinse and Repeat.
I forsee their enthusiasm, for the law, start to wane when they get disconnected.
Wow, N? Is he a Death Note fan? lol.
There are a few possible problems with this the main one being that a judge can still sentence someone even if they prove they did not commit the offense or through a 3rd party. This sounds like a great way to fight back in theory but in practice it might actually hurt more people especially to begin with. maybe in the long run of things after a few months of people complaining that they didnt do this or that, but in the short fall of things it can possible hurt the people.. nice idea though
again: A good idea would obviously be getting as many people as possible to just share their connections. If people are worried about security: do as I do, segment your network, one segment encrypted for private use and another one, separate from the first, completely open. If You don’t want to buy (or can’t afford) a router with possibilites for more than one network segment you can possibly afford a second cheap router. Now I haven’t read the text of the HADOPI, but normally the concept of “innocent until proven guilty” should apply. Sharing your connection (and IP-number)is presumably not criminal, even though it may be in breach of the contract with Your ISP.
@10 You won’t believe it but I just thought “Which song will I try first?” Bingo! I thought of “Third Stone from the Sun” rotf
I really hate France! And just because some guy make a software to crack the password on a router isn’t anything new (Those software have existed in many years!)
@3 anon: You should be banned!!
@26
“@3 anon: You should be banned!!”
Do not feed the troll.
that monkey french president SUX !
http://74.125.95.132/search?q=cache:A8eqOSCePyAJ:www.manucornet.net/blog/introducing-the-hadopi-router/+hadopi+router&cd=3&hl=en&ct=clnk&gl=us
Nice job on your research, Torrent Freak. Damn.
@22 but this is not how the french law are seeing it.
ISP account holders who find themselves accused over the infringements of a 3rd party could be found guilty of “negligence”, risking a maximum 1,500 euro fine and a 4 week disconnection.
so innocent until proven guilty doesn’t apply
@18 you have the right idea target the morons who are starting this and use their own laws against them. The people that are going to enforce this law are the ones that need to be shown that this can and will happen to them just as much as anyone normal internet user.
yep next they will fine you for negligence for getting robbed at the ATM because you “let your self be robbed”
This is a fine idea to combat an unjust and silly law. The people should fight this in every way they can.
The ISPs should be fighting along side. This is going to end up hurting their bottom line. They are about to become the dog at the end of a mad man’s leash.
Would a router with hidden SSID, WPA2 and Mac filtering be vulnerable to this?
I wonder how anyone could see a 5 minute judgment call as justice.. suppose you’d have to have your head really far up your behind to be able to see sense in it.
anyways.. there’s like 7 unprotected wireless networks near me, (seriously.. mine’s the only encrypted one in the whole neighborhood) so its good to see some people that make some sense.
Le Monde is a big reference paper in france, so im pretty sure they did their research. I dont think this is a joke (but there is a gag site)
it would be rather simple to create something like this anyway-just write a program that automatically cracks WEP connections, and use the IP adress of the cracking computer as an open proxy (therefore connecting from {you} to {server} to {zombie pc}) more or less TOR, without consent :) alot of wep passwords are simple to crack (with existing programs) and there are *tons* of unlocked wifi’s
“‘N’ says he is already imagining a more ambitious strategy to distribute many dozens of modified routers to a community in order to create a “mini-network”, superimposed over existing ones.”
well ‘N’ should try a lit harder…
if oyu want ot do something werthwhile ‘N’ and ‘Y’ then write a generic virtual ‘Bonded’ wireless network that can take ’several’ wireless WAN conections and make a massive Vnet pipe in both down and up load directions, in a simple one time executable script including all the apps needed would be a very good thing to make….for anyone to use with all their mates withing wireless range of each other ;)
and post a direct link HERE in this thread so we can try it…
Canadian iSP solved those issues long ago! Every peer to peer transfer is capped to 25kbps. As a result, you can’t host any server of any kind. No way to share anything since technicaly, a server, even as big as a super computer, is still a peer.
That’s the law here.
ps – I heard someone has already broken into Christine Albanel’s connextion (last minister of culture)
and lets not forget the UMP (Sarko’s party) use of a campaign song without permission (ok, so I forget which song ;) )
@37
um. which ISP are you on, where do you live? im with Shaw, works fine. I get download speed routinely bw 1-1.5mb (if its a good torrent) its the upload thats capped at 50kb/s (for me anyway)
@37
haha, its much better in the netherlands, max download 7,5 megabyte/second(though torrents mostly don’t go higher than 2, usenet and rapidshare reech 7 easily) and 750kilobyte/sec upload, torrents can reach that easily to :)
“37 Jul 10, 2009 at 07:51 by Kawazoe
Canadian iSP solved those issues long ago! Every peer to peer transfer is capped to 25kbps. As a result, you can’t host any server of any kind. No way to share anything since technicaly, a server, even as big as a super computer, is still a peer.
That’s the law here.”
it not the law, but you should research that better….
to solve your slow problem you should get/buy yourself a VPN connection and start using your payed for bandwidth far closer to its full potential….
strongVPN or any other you care to search for, its all good, hell you might even be better to just get a free ipV6 tunnel for your torrents etc, and be happy….
http://go6.net/4105/freenet.asp
@ 33
Quote: Would a router with hidden SSID, WPA2 and Mac filtering be vulnerable to this?
Yes
1) Hidden SSID – De-auth connected Clients OR MDK3 to brute force the SSID.
2) WPA2 – You would want to make the WPA2 key as long as possible (Upto 63). WPA/WPA2 can be brute forced hacked, BUT they take a VERY long time (Years). Note: Generalisation.
3) macchanger on Linux – spoof Mac. For windows google it.
Note: There are other “possibilities” to obtain a WEP/WPA/WPA2 key – google Airbase, metaploit for example.
SKY uk, use a key generated from the SSID, which is broadcast en clar. The algorithm has been reversed engineered. Again, google it.
My preferred option is to run an OPEN wifi node, and record the traffic passing through it. Plausible deny ability. Though you will probably break interception laws… But hey fukk em :) Proof is proof that you are not the only “user” of the wifi node.
Class over.
I run a wired network, but have attached a wireless router with a limited bandwidth (40k/s) but no other restrictions (other than a robust firewall box between that and my home bnetwork). As I see it, that’s a service to my neighbours (or anyone passing) that requires a connection but for whatever reason doesn’t have one.
How can “letting people have access” be negligent? Its not nearly wrong, being a service to the wider community. Think about it… if noone had secured wireless, noone would really need theirs secured, and we’d all be far better off (universal unregulated wifi coverage).
It a fake from May, and Le Monde was caught by it just recently ;)
http://www.manucornet.net/blog/introducing-the-hadopi-router/
http://www.routeurhadopi.fr/
The one thing people forget is that politicians don’t think the laws apply to them and make their own.
Compromising their networks it’s easy that is not difficult at ALL what is really difficult is exposing them, without exposure you can download all you want too and things will stay the same, you have to compromise the network and SHOW IT to the world, otherwise is just fooling around without real consequences.
Well we don’t need secure connections we need secure “channels” and a load balancing thingy to manage the bandwidth or else you could end up with the short end of the stick LoL
Other than that I don’t see why someone would bother to set up a password on a wireless router, it is not that important.
how could you “steal” something intangible like an internet connection?
or someone’s identity?
or banking information?
you can’t.
remember, private banking information wants to be free…
I propose an grass roots open Wifi movement where everyone sets their SID to the same predetermined SID and their hub/switch/router is unsecured. It would also be great to have a simple way where any lay person could bridge their connections so bandwidth is distributed across all available participating connections in the vicinity.
We just need to set a date facebook, tweet, IRC, flyers in the neighborhood and media et cetera.
totaly agree only way is to show em it does not work just telling em dont entra there tiny brains as thay just see the money side of tings
put it to em in a example of hard facts with a true working product then thay can not dissmiss it
well done lads 1 for the pirates
Hi all,
I live in France and am sad to say the big record labels have won since they are all personal friends of “ze dwarf”. I just hope people will massively hack all the orange and sfr hotspots and download as much as they can so that they end up paying huge fines.
Keep up the fight dont leave us french people alone.
Peace
Hmm… Sounds like something Hak5 would do.
@39
@42
It is my understanding that when you leave your wifi network unprotected, you expose your router to hacking. Since remote desktop is enabled in most XP boxes, your computer can be compromised directly. Note the discussion on: http://www.leetupload.com/tutorials/
as if the judges care? they rule u downloaded warez and if u dont like it u can appeal it.
ofcourse u will lose again because its france and its controlled by a dwarf idiot now
theres a site claiming to soon offer the software. Not sure if this is legit though. http://www.lazynewt.com
Another solution to the p2p users might be steganography technology: http://stegoshare.sf.net
According to hackers who where interviewed by Le Monde, the article is “full of shit”, the journalist even invented a character in his story. Even Numerama believed it and later published the real interview of the guys at tmp/lab.
Don’t believe what’s written in Le Monde, at least not their tech pages
http://www.numerama.com/magazine/13427-HostileWRT-le-vrai-nom-du-vrai-faux-routeur-Hadopi.html
http://www.entertane.com – the easiest site for torrents (movies, music, software, games, xxx) – faster, simpler – and you can search all your favorite torrent sites. No registration needed.
This is a good effort to fight for freedom.
My ISP is called “free” (it isn’t btw) and they have a service that lets you connect to any “free” subscribers wifi network when their box is in range. So technically I can connect to some random guy’s box from nearly anywhere and download all the things I want from his dsl line. Since I have to log in to access the wifi service the judge will have to ask “free” for my account information. The big question is will the isps risk losing customers to comply or not.
The Spanish isps told the government to stick it I wish the French ones would have a lil bit of balls.
I am a bit extreme sometimes but if i hear that whole “if people dont pay for music and movies anymore this will be the end of creation” I’m gonna throw up.
22 references to this post
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.